A cyber-espionage group backed by the Chinese government has been observed engaging in ransomware-related activity as part of its intelligence operations.
Further, the observation shows how nation-state cyber operations and financially motivated cybercrime are increasingly converging, driven by financial incentives.
In late November 2024, Symantec’s research team observed that threat actors infiltrated a medium-sized software and services company in South Asia by exploiting a critical authentication bypass vulnerability (CVE-2024-0012) in Palo Alto Networks’ security systems to gain access to its databases.
Several days after the initial compromise, the attackers obtained administrative credentials from the company’s intranet, and this gave them access to the Veeam server.
On that server they found AWS S3 credentials; data management tools like Veeam commonly store such credentials to access cloud storage accounts.
It is believed that the attackers used these credentials to access the company’s sensitive data stored in an S3 bucket, and then encrypted its Windows-based systems with RA World ransomware. At first, the attackers demanded a ransom of $2 million but offered a $1 million reduction if the ransom was paid within three days.
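The S3 credentials a backup tool stores are valid from anywhere, so a defender's control is to alert when that key is used from outside the backup server or by a client other than the backup software. The following detection heuristic over CloudTrail-style records is an added example, not code from Symantec or the article; the access key, IP address, user-agent prefix and log records are all constructed placeholders.

```python
"""Flag S3 API calls that use a backup service's access key from an unexpected
origin. Added detection example; the baseline and log records are constructed."""
import json

# Constructed baseline: the key the backup tool is expected to use, and from where.
BACKUP_KEY = "AKIAEXAMPLEBACKUPKEY"      # placeholder, not a real access key
ALLOWED_SOURCE_IPS = {"10.20.30.40"}      # the backup server's address (assumed)
EXPECTED_AGENT_PREFIX = "Veeam"           # assumed user-agent prefix of the tool
READ_OR_ENUM_EVENTS = {"GetObject", "ListObjects", "ListBuckets", "CopyObject"}


def flag_backup_key_misuse(records):
    """Return records where the backup key performs a read or enumeration call
    from an unexpected source IP or with an unexpected user agent."""
    hits = []
    for r in records:
        key = r.get("userIdentity", {}).get("accessKeyId")
        if key != BACKUP_KEY or r.get("eventName") not in READ_OR_ENUM_EVENTS:
            continue  # other keys, and the tool's own writes, are out of scope
        reasons = []
        if r.get("sourceIPAddress") not in ALLOWED_SOURCE_IPS:
            reasons.append("unexpected source IP")
        if not str(r.get("userAgent", "")).startswith(EXPECTED_AGENT_PREFIX):
            reasons.append("unexpected user agent")
        if reasons:
            hits.append({"eventID": r.get("eventID"), "eventName": r["eventName"],
                         "sourceIPAddress": r.get("sourceIPAddress"), "reasons": reasons})
    return hits


# Constructed sample log: a normal backup write, a normal read, and two suspect reads.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventID": "e1", "eventName": "PutObject", "sourceIPAddress": "10.20.30.40",
     "userAgent": "Veeam.Backup", "userIdentity": {"accessKeyId": BACKUP_KEY}},
    {"eventID": "e2", "eventName": "GetObject", "sourceIPAddress": "10.20.30.40",
     "userAgent": "Veeam.Backup", "userIdentity": {"accessKeyId": BACKUP_KEY}},
    {"eventID": "e3", "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.7",
     "userAgent": "aws-cli/2.15", "userIdentity": {"accessKeyId": BACKUP_KEY}},
    {"eventID": "e4", "eventName": "GetObject", "sourceIPAddress": "10.20.30.40",
     "userAgent": "aws-cli/2.15", "userIdentity": {"accessKeyId": BACKUP_KEY}},
]})


def run(log_json=SAMPLE_LOG):
    """Parse a CloudTrail-style JSON document and return the flagged records."""
    return flag_backup_key_misuse(json.loads(log_json)["Records"])


if __name__ == "__main__":
    for hit in run():
        print(hit)
```

The heuristic deliberately ignores the tool's own writes, so a stolen key replayed from the backup host with the real client would still need a separate volume or time-of-day baseline to catch.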
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents